1. Packages
  2. Azure Native
  3. API Docs
  4. authorization
  5. PolicyExemption
This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.47.1 published on Monday, Jun 24, 2024 by Pulumi

azure-native.authorization.PolicyExemption

Explore with Pulumi AI

azure-native logo
This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.47.1 published on Monday, Jun 24, 2024 by Pulumi

    The policy exemption. Azure REST API version: 2022-07-01-preview. Prior API version in Azure Native 1.x: 2020-07-01-preview.

    Example Usage

    Create or update a policy exemption

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureNative = Pulumi.AzureNative;
    
    return await Deployment.RunAsync(() => 
    {
        var policyExemption = new AzureNative.Authorization.PolicyExemption("policyExemption", new()
        {
            Description = "Exempt demo cluster from limit sku",
            DisplayName = "Exempt demo cluster",
            ExemptionCategory = AzureNative.Authorization.ExemptionCategory.Waiver,
            Metadata = new Dictionary<string, object?>
            {
                ["reason"] = "Temporary exemption for a expensive VM demo",
            },
            PolicyAssignmentId = "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement",
            PolicyDefinitionReferenceIds = new[]
            {
                "Limit_Skus",
            },
            PolicyExemptionName = "DemoExpensiveVM",
            Scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster",
        });
    
    });
    
    package main
    
    import (
    	authorization "github.com/pulumi/pulumi-azure-native-sdk/authorization/v2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := authorization.NewPolicyExemption(ctx, "policyExemption", &authorization.PolicyExemptionArgs{
    			Description:       pulumi.String("Exempt demo cluster from limit sku"),
    			DisplayName:       pulumi.String("Exempt demo cluster"),
    			ExemptionCategory: pulumi.String(authorization.ExemptionCategoryWaiver),
    			Metadata: pulumi.Any(map[string]interface{}{
    				"reason": "Temporary exemption for a expensive VM demo",
    			}),
    			PolicyAssignmentId: pulumi.String("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement"),
    			PolicyDefinitionReferenceIds: pulumi.StringArray{
    				pulumi.String("Limit_Skus"),
    			},
    			PolicyExemptionName: pulumi.String("DemoExpensiveVM"),
    			Scope:               pulumi.String("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azurenative.authorization.PolicyExemption;
    import com.pulumi.azurenative.authorization.PolicyExemptionArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var policyExemption = new PolicyExemption("policyExemption", PolicyExemptionArgs.builder()
                .description("Exempt demo cluster from limit sku")
                .displayName("Exempt demo cluster")
                .exemptionCategory("Waiver")
                .metadata(Map.of("reason", "Temporary exemption for a expensive VM demo"))
                .policyAssignmentId("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement")
                .policyDefinitionReferenceIds("Limit_Skus")
                .policyExemptionName("DemoExpensiveVM")
                .scope("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster")
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_azure_native as azure_native
    
    policy_exemption = azure_native.authorization.PolicyExemption("policyExemption",
        description="Exempt demo cluster from limit sku",
        display_name="Exempt demo cluster",
        exemption_category=azure_native.authorization.ExemptionCategory.WAIVER,
        metadata={
            "reason": "Temporary exemption for a expensive VM demo",
        },
        policy_assignment_id="/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement",
        policy_definition_reference_ids=["Limit_Skus"],
        policy_exemption_name="DemoExpensiveVM",
        scope="subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster")
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azure_native from "@pulumi/azure-native";
    
    const policyExemption = new azure_native.authorization.PolicyExemption("policyExemption", {
        description: "Exempt demo cluster from limit sku",
        displayName: "Exempt demo cluster",
        exemptionCategory: azure_native.authorization.ExemptionCategory.Waiver,
        metadata: {
            reason: "Temporary exemption for a expensive VM demo",
        },
        policyAssignmentId: "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement",
        policyDefinitionReferenceIds: ["Limit_Skus"],
        policyExemptionName: "DemoExpensiveVM",
        scope: "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster",
    });
    
    resources:
      policyExemption:
        type: azure-native:authorization:PolicyExemption
        properties:
          description: Exempt demo cluster from limit sku
          displayName: Exempt demo cluster
          exemptionCategory: Waiver
          metadata:
            reason: Temporary exemption for a expensive VM demo
          policyAssignmentId: /subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement
          policyDefinitionReferenceIds:
            - Limit_Skus
          policyExemptionName: DemoExpensiveVM
          scope: subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster
    

    Create or update a policy exemption with resource selectors

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureNative = Pulumi.AzureNative;
    
    return await Deployment.RunAsync(() => 
    {
        var policyExemption = new AzureNative.Authorization.PolicyExemption("policyExemption", new()
        {
            AssignmentScopeValidation = AzureNative.Authorization.AssignmentScopeValidation.Default,
            Description = "Exempt demo cluster from limit sku",
            DisplayName = "Exempt demo cluster",
            ExemptionCategory = AzureNative.Authorization.ExemptionCategory.Waiver,
            Metadata = new Dictionary<string, object?>
            {
                ["reason"] = "Temporary exemption for a expensive VM demo",
            },
            PolicyAssignmentId = "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement",
            PolicyDefinitionReferenceIds = new[]
            {
                "Limit_Skus",
            },
            PolicyExemptionName = "DemoExpensiveVM",
            ResourceSelectors = new[]
            {
                new AzureNative.Authorization.Inputs.ResourceSelectorArgs
                {
                    Name = "SDPRegions",
                    Selectors = new[]
                    {
                        new AzureNative.Authorization.Inputs.SelectorArgs
                        {
                            In = new[]
                            {
                                "eastus2euap",
                                "centraluseuap",
                            },
                            Kind = AzureNative.Authorization.SelectorKind.ResourceLocation,
                        },
                    },
                },
            },
            Scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster",
        });
    
    });
    
    package main
    
    import (
    	authorization "github.com/pulumi/pulumi-azure-native-sdk/authorization/v2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := authorization.NewPolicyExemption(ctx, "policyExemption", &authorization.PolicyExemptionArgs{
    			AssignmentScopeValidation: pulumi.String(authorization.AssignmentScopeValidationDefault),
    			Description:               pulumi.String("Exempt demo cluster from limit sku"),
    			DisplayName:               pulumi.String("Exempt demo cluster"),
    			ExemptionCategory:         pulumi.String(authorization.ExemptionCategoryWaiver),
    			Metadata: pulumi.Any(map[string]interface{}{
    				"reason": "Temporary exemption for a expensive VM demo",
    			}),
    			PolicyAssignmentId: pulumi.String("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement"),
    			PolicyDefinitionReferenceIds: pulumi.StringArray{
    				pulumi.String("Limit_Skus"),
    			},
    			PolicyExemptionName: pulumi.String("DemoExpensiveVM"),
    			ResourceSelectors: authorization.ResourceSelectorArray{
    				&authorization.ResourceSelectorArgs{
    					Name: pulumi.String("SDPRegions"),
    					Selectors: authorization.SelectorArray{
    						&authorization.SelectorArgs{
    							In: pulumi.StringArray{
    								pulumi.String("eastus2euap"),
    								pulumi.String("centraluseuap"),
    							},
    							Kind: pulumi.String(authorization.SelectorKindResourceLocation),
    						},
    					},
    				},
    			},
    			Scope: pulumi.String("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azurenative.authorization.PolicyExemption;
    import com.pulumi.azurenative.authorization.PolicyExemptionArgs;
    import com.pulumi.azurenative.authorization.inputs.ResourceSelectorArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var policyExemption = new PolicyExemption("policyExemption", PolicyExemptionArgs.builder()
                .assignmentScopeValidation("Default")
                .description("Exempt demo cluster from limit sku")
                .displayName("Exempt demo cluster")
                .exemptionCategory("Waiver")
                .metadata(Map.of("reason", "Temporary exemption for a expensive VM demo"))
                .policyAssignmentId("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement")
                .policyDefinitionReferenceIds("Limit_Skus")
                .policyExemptionName("DemoExpensiveVM")
                .resourceSelectors(ResourceSelectorArgs.builder()
                    .name("SDPRegions")
                    .selectors(SelectorArgs.builder()
                        .in(                    
                            "eastus2euap",
                            "centraluseuap")
                        .kind("resourceLocation")
                        .build())
                    .build())
                .scope("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster")
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_azure_native as azure_native
    
    policy_exemption = azure_native.authorization.PolicyExemption("policyExemption",
        assignment_scope_validation=azure_native.authorization.AssignmentScopeValidation.DEFAULT,
        description="Exempt demo cluster from limit sku",
        display_name="Exempt demo cluster",
        exemption_category=azure_native.authorization.ExemptionCategory.WAIVER,
        metadata={
            "reason": "Temporary exemption for a expensive VM demo",
        },
        policy_assignment_id="/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement",
        policy_definition_reference_ids=["Limit_Skus"],
        policy_exemption_name="DemoExpensiveVM",
        resource_selectors=[azure_native.authorization.ResourceSelectorArgs(
            name="SDPRegions",
            selectors=[azure_native.authorization.SelectorArgs(
                in_=[
                    "eastus2euap",
                    "centraluseuap",
                ],
                kind=azure_native.authorization.SelectorKind.RESOURCE_LOCATION,
            )],
        )],
        scope="subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster")
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azure_native from "@pulumi/azure-native";
    
    const policyExemption = new azure_native.authorization.PolicyExemption("policyExemption", {
        assignmentScopeValidation: azure_native.authorization.AssignmentScopeValidation.Default,
        description: "Exempt demo cluster from limit sku",
        displayName: "Exempt demo cluster",
        exemptionCategory: azure_native.authorization.ExemptionCategory.Waiver,
        metadata: {
            reason: "Temporary exemption for a expensive VM demo",
        },
        policyAssignmentId: "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement",
        policyDefinitionReferenceIds: ["Limit_Skus"],
        policyExemptionName: "DemoExpensiveVM",
        resourceSelectors: [{
            name: "SDPRegions",
            selectors: [{
                "in": [
                    "eastus2euap",
                    "centraluseuap",
                ],
                kind: azure_native.authorization.SelectorKind.ResourceLocation,
            }],
        }],
        scope: "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster",
    });
    
    resources:
      policyExemption:
        type: azure-native:authorization:PolicyExemption
        properties:
          assignmentScopeValidation: Default
          description: Exempt demo cluster from limit sku
          displayName: Exempt demo cluster
          exemptionCategory: Waiver
          metadata:
            reason: Temporary exemption for a expensive VM demo
          policyAssignmentId: /subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement
          policyDefinitionReferenceIds:
            - Limit_Skus
          policyExemptionName: DemoExpensiveVM
          resourceSelectors:
            - name: SDPRegions
              selectors:
                - in:
                    - eastus2euap
                    - centraluseuap
                  kind: resourceLocation
          scope: subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster
    

    Create PolicyExemption Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new PolicyExemption(name: string, args: PolicyExemptionArgs, opts?: CustomResourceOptions);
    @overload
    def PolicyExemption(resource_name: str,
                        args: PolicyExemptionArgs,
                        opts: Optional[ResourceOptions] = None)
    
    @overload
    def PolicyExemption(resource_name: str,
                        opts: Optional[ResourceOptions] = None,
                        exemption_category: Optional[Union[str, ExemptionCategory]] = None,
                        policy_assignment_id: Optional[str] = None,
                        scope: Optional[str] = None,
                        assignment_scope_validation: Optional[Union[str, AssignmentScopeValidation]] = None,
                        description: Optional[str] = None,
                        display_name: Optional[str] = None,
                        expires_on: Optional[str] = None,
                        metadata: Optional[Any] = None,
                        policy_definition_reference_ids: Optional[Sequence[str]] = None,
                        policy_exemption_name: Optional[str] = None,
                        resource_selectors: Optional[Sequence[ResourceSelectorArgs]] = None)
    func NewPolicyExemption(ctx *Context, name string, args PolicyExemptionArgs, opts ...ResourceOption) (*PolicyExemption, error)
    public PolicyExemption(string name, PolicyExemptionArgs args, CustomResourceOptions? opts = null)
    public PolicyExemption(String name, PolicyExemptionArgs args)
    public PolicyExemption(String name, PolicyExemptionArgs args, CustomResourceOptions options)
    
    type: azure-native:authorization:PolicyExemption
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args PolicyExemptionArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args PolicyExemptionArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args PolicyExemptionArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args PolicyExemptionArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args PolicyExemptionArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var policyExemptionResource = new AzureNative.Authorization.PolicyExemption("policyExemptionResource", new()
    {
        ExemptionCategory = "string",
        PolicyAssignmentId = "string",
        Scope = "string",
        AssignmentScopeValidation = "string",
        Description = "string",
        DisplayName = "string",
        ExpiresOn = "string",
        Metadata = "any",
        PolicyDefinitionReferenceIds = new[]
        {
            "string",
        },
        PolicyExemptionName = "string",
        ResourceSelectors = new[]
        {
            new AzureNative.Authorization.Inputs.ResourceSelectorArgs
            {
                Name = "string",
                Selectors = new[]
                {
                    new AzureNative.Authorization.Inputs.SelectorArgs
                    {
                        In = new[]
                        {
                            "string",
                        },
                        Kind = "string",
                        NotIn = new[]
                        {
                            "string",
                        },
                    },
                },
            },
        },
    });
    
    example, err := authorization.NewPolicyExemption(ctx, "policyExemptionResource", &authorization.PolicyExemptionArgs{
    ExemptionCategory: pulumi.String("string"),
    PolicyAssignmentId: pulumi.String("string"),
    Scope: pulumi.String("string"),
    AssignmentScopeValidation: pulumi.String("string"),
    Description: pulumi.String("string"),
    DisplayName: pulumi.String("string"),
    ExpiresOn: pulumi.String("string"),
    Metadata: pulumi.Any("any"),
    PolicyDefinitionReferenceIds: pulumi.StringArray{
    pulumi.String("string"),
    },
    PolicyExemptionName: pulumi.String("string"),
    ResourceSelectors: authorization.ResourceSelectorArray{
    &authorization.ResourceSelectorArgs{
    Name: pulumi.String("string"),
    Selectors: authorization.SelectorArray{
    &authorization.SelectorArgs{
    In: pulumi.StringArray{
    pulumi.String("string"),
    },
    Kind: pulumi.String("string"),
    NotIn: pulumi.StringArray{
    pulumi.String("string"),
    },
    },
    },
    },
    },
    })
    
    var policyExemptionResource = new PolicyExemption("policyExemptionResource", PolicyExemptionArgs.builder()
        .exemptionCategory("string")
        .policyAssignmentId("string")
        .scope("string")
        .assignmentScopeValidation("string")
        .description("string")
        .displayName("string")
        .expiresOn("string")
        .metadata("any")
        .policyDefinitionReferenceIds("string")
        .policyExemptionName("string")
        .resourceSelectors(ResourceSelectorArgs.builder()
            .name("string")
            .selectors(SelectorArgs.builder()
                .in("string")
                .kind("string")
                .notIn("string")
                .build())
            .build())
        .build());
    
    policy_exemption_resource = azure_native.authorization.PolicyExemption("policyExemptionResource",
        exemption_category="string",
        policy_assignment_id="string",
        scope="string",
        assignment_scope_validation="string",
        description="string",
        display_name="string",
        expires_on="string",
        metadata="any",
        policy_definition_reference_ids=["string"],
        policy_exemption_name="string",
        resource_selectors=[azure_native.authorization.ResourceSelectorArgs(
            name="string",
            selectors=[azure_native.authorization.SelectorArgs(
                in_=["string"],
                kind="string",
                not_in=["string"],
            )],
        )])
    
    const policyExemptionResource = new azure_native.authorization.PolicyExemption("policyExemptionResource", {
        exemptionCategory: "string",
        policyAssignmentId: "string",
        scope: "string",
        assignmentScopeValidation: "string",
        description: "string",
        displayName: "string",
        expiresOn: "string",
        metadata: "any",
        policyDefinitionReferenceIds: ["string"],
        policyExemptionName: "string",
        resourceSelectors: [{
            name: "string",
            selectors: [{
                "in": ["string"],
                kind: "string",
                notIn: ["string"],
            }],
        }],
    });
    
    type: azure-native:authorization:PolicyExemption
    properties:
        assignmentScopeValidation: string
        description: string
        displayName: string
        exemptionCategory: string
        expiresOn: string
        metadata: any
        policyAssignmentId: string
        policyDefinitionReferenceIds:
            - string
        policyExemptionName: string
        resourceSelectors:
            - name: string
              selectors:
                - in:
                    - string
                  kind: string
                  notIn:
                    - string
        scope: string
    

    PolicyExemption Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The PolicyExemption resource accepts the following input properties:

    ExemptionCategory string | Pulumi.AzureNative.Authorization.ExemptionCategory
    The policy exemption category. Possible values are Waiver and Mitigated.
    PolicyAssignmentId string
    The ID of the policy assignment that is being exempted.
    Scope string
    The scope of the policy exemption. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
    AssignmentScopeValidation string | Pulumi.AzureNative.Authorization.AssignmentScopeValidation
    The option whether validate the exemption is at or under the assignment scope.
    Description string
    The description of the policy exemption.
    DisplayName string
    The display name of the policy exemption.
    ExpiresOn string
    The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption.
    Metadata object
    The policy exemption metadata. Metadata is an open ended object and is typically a collection of key value pairs.
    PolicyDefinitionReferenceIds List<string>
    The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition.
    PolicyExemptionName string
    The name of the policy exemption to delete.
    ResourceSelectors List<Pulumi.AzureNative.Authorization.Inputs.ResourceSelector>
    The resource selector list to filter policies by resource properties.
    ExemptionCategory string | ExemptionCategory
    The policy exemption category. Possible values are Waiver and Mitigated.
    PolicyAssignmentId string
    The ID of the policy assignment that is being exempted.
    Scope string
    The scope of the policy exemption. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
    AssignmentScopeValidation string | AssignmentScopeValidation
    The option whether validate the exemption is at or under the assignment scope.
    Description string
    The description of the policy exemption.
    DisplayName string
    The display name of the policy exemption.
    ExpiresOn string
    The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption.
    Metadata interface{}
    The policy exemption metadata. Metadata is an open ended object and is typically a collection of key value pairs.
    PolicyDefinitionReferenceIds []string
    The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition.
    PolicyExemptionName string
    The name of the policy exemption to delete.
    ResourceSelectors []ResourceSelectorArgs
    The resource selector list to filter policies by resource properties.
    exemptionCategory String | ExemptionCategory
    The policy exemption category. Possible values are Waiver and Mitigated.
    policyAssignmentId String
    The ID of the policy assignment that is being exempted.
    scope String
    The scope of the policy exemption. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
    assignmentScopeValidation String | AssignmentScopeValidation
    The option whether validate the exemption is at or under the assignment scope.
    description String
    The description of the policy exemption.
    displayName String
    The display name of the policy exemption.
    expiresOn String
    The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption.
    metadata Object
    The policy exemption metadata. Metadata is an open ended object and is typically a collection of key value pairs.
    policyDefinitionReferenceIds List<String>
    The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition.
    policyExemptionName String
    The name of the policy exemption to delete.
    resourceSelectors List<ResourceSelector>
    The resource selector list to filter policies by resource properties.
    exemptionCategory string | ExemptionCategory
    The policy exemption category. Possible values are Waiver and Mitigated.
    policyAssignmentId string
    The ID of the policy assignment that is being exempted.
    scope string
    The scope of the policy exemption. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
    assignmentScopeValidation string | AssignmentScopeValidation
    The option whether validate the exemption is at or under the assignment scope.
    description string
    The description of the policy exemption.
    displayName string
    The display name of the policy exemption.
    expiresOn string
    The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption.
    metadata any
    The policy exemption metadata. Metadata is an open ended object and is typically a collection of key value pairs.
    policyDefinitionReferenceIds string[]
    The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition.
    policyExemptionName string
    The name of the policy exemption to delete.
    resourceSelectors ResourceSelector[]
    The resource selector list to filter policies by resource properties.
    exemption_category str | ExemptionCategory
    The policy exemption category. Possible values are Waiver and Mitigated.
    policy_assignment_id str
    The ID of the policy assignment that is being exempted.
    scope str
    The scope of the policy exemption. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
    assignment_scope_validation str | AssignmentScopeValidation
    The option whether validate the exemption is at or under the assignment scope.
    description str
    The description of the policy exemption.
    display_name str
    The display name of the policy exemption.
    expires_on str
    The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption.
    metadata Any
    The policy exemption metadata. Metadata is an open ended object and is typically a collection of key value pairs.
    policy_definition_reference_ids Sequence[str]
    The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition.
    policy_exemption_name str
    The name of the policy exemption to delete.
    resource_selectors Sequence[ResourceSelectorArgs]
    The resource selector list to filter policies by resource properties.
    exemptionCategory String | "Waiver" | "Mitigated"
    The policy exemption category. Possible values are Waiver and Mitigated.
    policyAssignmentId String
    The ID of the policy assignment that is being exempted.
    scope String
    The scope of the policy exemption. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
    assignmentScopeValidation String | "Default" | "DoNotValidate"
    The option whether validate the exemption is at or under the assignment scope.
    description String
    The description of the policy exemption.
    displayName String
    The display name of the policy exemption.
    expiresOn String
    The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption.
    metadata Any
    The policy exemption metadata. Metadata is an open ended object and is typically a collection of key value pairs.
    policyDefinitionReferenceIds List<String>
    The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition.
    policyExemptionName String
    The name of the policy exemption to delete.
    resourceSelectors List<Property Map>
    The resource selector list to filter policies by resource properties.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the PolicyExemption resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Name string
    The name of the policy exemption.
    SystemData Pulumi.AzureNative.Authorization.Outputs.SystemDataResponse
    Azure Resource Manager metadata containing createdBy and modifiedBy information.
    Type string
    The type of the resource (Microsoft.Authorization/policyExemptions).
    Id string
    The provider-assigned unique ID for this managed resource.
    Name string
    The name of the policy exemption.
    SystemData SystemDataResponse
    Azure Resource Manager metadata containing createdBy and modifiedBy information.
    Type string
    The type of the resource (Microsoft.Authorization/policyExemptions).
    id String
    The provider-assigned unique ID for this managed resource.
    name String
    The name of the policy exemption.
    systemData SystemDataResponse
    Azure Resource Manager metadata containing createdBy and modifiedBy information.
    type String
    The type of the resource (Microsoft.Authorization/policyExemptions).
    id string
    The provider-assigned unique ID for this managed resource.
    name string
    The name of the policy exemption.
    systemData SystemDataResponse
    Azure Resource Manager metadata containing createdBy and modifiedBy information.
    type string
    The type of the resource (Microsoft.Authorization/policyExemptions).
    id str
    The provider-assigned unique ID for this managed resource.
    name str
    The name of the policy exemption.
    system_data SystemDataResponse
    Azure Resource Manager metadata containing createdBy and modifiedBy information.
    type str
    The type of the resource (Microsoft.Authorization/policyExemptions).
    id String
    The provider-assigned unique ID for this managed resource.
    name String
    The name of the policy exemption.
    systemData Property Map
    Azure Resource Manager metadata containing createdBy and modifiedBy information.
    type String
    The type of the resource (Microsoft.Authorization/policyExemptions).

    Supporting Types

    AssignmentScopeValidation, AssignmentScopeValidationArgs

    Default
    DefaultThis option will validate the exemption is at or under the assignment scope.
    DoNotValidate
    DoNotValidateThis option will bypass the validation the exemption scope is at or under the policy assignment scope.
    AssignmentScopeValidationDefault
    DefaultThis option will validate the exemption is at or under the assignment scope.
    AssignmentScopeValidationDoNotValidate
    DoNotValidateThis option will bypass the validation the exemption scope is at or under the policy assignment scope.
    Default
    DefaultThis option will validate the exemption is at or under the assignment scope.
    DoNotValidate
    DoNotValidateThis option will bypass the validation the exemption scope is at or under the policy assignment scope.
    Default
    DefaultThis option will validate the exemption is at or under the assignment scope.
    DoNotValidate
    DoNotValidateThis option will bypass the validation the exemption scope is at or under the policy assignment scope.
    DEFAULT
    DefaultThis option will validate the exemption is at or under the assignment scope.
    DO_NOT_VALIDATE
    DoNotValidateThis option will bypass the validation the exemption scope is at or under the policy assignment scope.
    "Default"
    DefaultThis option will validate the exemption is at or under the assignment scope.
    "DoNotValidate"
    DoNotValidateThis option will bypass the validation the exemption scope is at or under the policy assignment scope.

    ExemptionCategory, ExemptionCategoryArgs

    Waiver
    WaiverThis category of exemptions usually means the scope is not applicable for the policy.
    Mitigated
    MitigatedThis category of exemptions usually means the mitigation actions have been applied to the scope.
    ExemptionCategoryWaiver
    WaiverThis category of exemptions usually means the scope is not applicable for the policy.
    ExemptionCategoryMitigated
    MitigatedThis category of exemptions usually means the mitigation actions have been applied to the scope.
    Waiver
    WaiverThis category of exemptions usually means the scope is not applicable for the policy.
    Mitigated
    MitigatedThis category of exemptions usually means the mitigation actions have been applied to the scope.
    Waiver
    WaiverThis category of exemptions usually means the scope is not applicable for the policy.
    Mitigated
    MitigatedThis category of exemptions usually means the mitigation actions have been applied to the scope.
    WAIVER
    WaiverThis category of exemptions usually means the scope is not applicable for the policy.
    MITIGATED
    MitigatedThis category of exemptions usually means the mitigation actions have been applied to the scope.
    "Waiver"
    WaiverThis category of exemptions usually means the scope is not applicable for the policy.
    "Mitigated"
    MitigatedThis category of exemptions usually means the mitigation actions have been applied to the scope.

    ResourceSelector, ResourceSelectorArgs

    Name string
    The name of the resource selector.
    Selectors List<Pulumi.AzureNative.Authorization.Inputs.Selector>
    The list of the selector expressions.
    Name string
    The name of the resource selector.
    Selectors []Selector
    The list of the selector expressions.
    name String
    The name of the resource selector.
    selectors List<Selector>
    The list of the selector expressions.
    name string
    The name of the resource selector.
    selectors Selector[]
    The list of the selector expressions.
    name str
    The name of the resource selector.
    selectors Sequence[Selector]
    The list of the selector expressions.
    name String
    The name of the resource selector.
    selectors List<Property Map>
    The list of the selector expressions.

    ResourceSelectorResponse, ResourceSelectorResponseArgs

    Name string
    The name of the resource selector.
    Selectors List<Pulumi.AzureNative.Authorization.Inputs.SelectorResponse>
    The list of the selector expressions.
    Name string
    The name of the resource selector.
    Selectors []SelectorResponse
    The list of the selector expressions.
    name String
    The name of the resource selector.
    selectors List<SelectorResponse>
    The list of the selector expressions.
    name string
    The name of the resource selector.
    selectors SelectorResponse[]
    The list of the selector expressions.
    name str
    The name of the resource selector.
    selectors Sequence[SelectorResponse]
    The list of the selector expressions.
    name String
    The name of the resource selector.
    selectors List<Property Map>
    The list of the selector expressions.

    Selector, SelectorArgs

    In List<string>
    The list of values to filter in.
    Kind string | Pulumi.AzureNative.Authorization.SelectorKind
    The selector kind.
    NotIn List<string>
    The list of values to filter out.
    In []string
    The list of values to filter in.
    Kind string | SelectorKind
    The selector kind.
    NotIn []string
    The list of values to filter out.
    in List<String>
    The list of values to filter in.
    kind String | SelectorKind
    The selector kind.
    notIn List<String>
    The list of values to filter out.
    in string[]
    The list of values to filter in.
    kind string | SelectorKind
    The selector kind.
    notIn string[]
    The list of values to filter out.
    in_ Sequence[str]
    The list of values to filter in.
    kind str | SelectorKind
    The selector kind.
    not_in Sequence[str]
    The list of values to filter out.
    in List<String>
    The list of values to filter in.
    kind String | "resourceLocation" | "resourceType" | "resourceWithoutLocation" | "policyDefinitionReferenceId"
    The selector kind.
    notIn List<String>
    The list of values to filter out.

    SelectorKind, SelectorKindArgs

    ResourceLocation
    resourceLocationThe selector kind to filter policies by the resource location.
    ResourceType
    resourceTypeThe selector kind to filter policies by the resource type.
    ResourceWithoutLocation
    resourceWithoutLocationThe selector kind to filter policies by the resource without location.
    PolicyDefinitionReferenceId
    policyDefinitionReferenceIdThe selector kind to filter policies by the policy definition reference ID.
    SelectorKindResourceLocation
    resourceLocationThe selector kind to filter policies by the resource location.
    SelectorKindResourceType
    resourceTypeThe selector kind to filter policies by the resource type.
    SelectorKindResourceWithoutLocation
    resourceWithoutLocationThe selector kind to filter policies by the resource without location.
    SelectorKindPolicyDefinitionReferenceId
    policyDefinitionReferenceIdThe selector kind to filter policies by the policy definition reference ID.
    ResourceLocation
    resourceLocationThe selector kind to filter policies by the resource location.
    ResourceType
    resourceTypeThe selector kind to filter policies by the resource type.
    ResourceWithoutLocation
    resourceWithoutLocationThe selector kind to filter policies by the resource without location.
    PolicyDefinitionReferenceId
    policyDefinitionReferenceIdThe selector kind to filter policies by the policy definition reference ID.
    ResourceLocation
    resourceLocationThe selector kind to filter policies by the resource location.
    ResourceType
    resourceTypeThe selector kind to filter policies by the resource type.
    ResourceWithoutLocation
    resourceWithoutLocationThe selector kind to filter policies by the resource without location.
    PolicyDefinitionReferenceId
    policyDefinitionReferenceIdThe selector kind to filter policies by the policy definition reference ID.
    RESOURCE_LOCATION
    resourceLocationThe selector kind to filter policies by the resource location.
    RESOURCE_TYPE
    resourceTypeThe selector kind to filter policies by the resource type.
    RESOURCE_WITHOUT_LOCATION
    resourceWithoutLocationThe selector kind to filter policies by the resource without location.
    POLICY_DEFINITION_REFERENCE_ID
    policyDefinitionReferenceIdThe selector kind to filter policies by the policy definition reference ID.
    "resourceLocation"
    resourceLocationThe selector kind to filter policies by the resource location.
    "resourceType"
    resourceTypeThe selector kind to filter policies by the resource type.
    "resourceWithoutLocation"
    resourceWithoutLocationThe selector kind to filter policies by the resource without location.
    "policyDefinitionReferenceId"
    policyDefinitionReferenceIdThe selector kind to filter policies by the policy definition reference ID.

    SelectorResponse, SelectorResponseArgs

    In List<string>
    The list of values to filter in.
    Kind string
    The selector kind.
    NotIn List<string>
    The list of values to filter out.
    In []string
    The list of values to filter in.
    Kind string
    The selector kind.
    NotIn []string
    The list of values to filter out.
    in List<String>
    The list of values to filter in.
    kind String
    The selector kind.
    notIn List<String>
    The list of values to filter out.
    in string[]
    The list of values to filter in.
    kind string
    The selector kind.
    notIn string[]
    The list of values to filter out.
    in_ Sequence[str]
    The list of values to filter in.
    kind str
    The selector kind.
    not_in Sequence[str]
    The list of values to filter out.
    in List<String>
    The list of values to filter in.
    kind String
    The selector kind.
    notIn List<String>
    The list of values to filter out.

    SystemDataResponse, SystemDataResponseArgs

    CreatedAt string
    The timestamp of resource creation (UTC).
    CreatedBy string
    The identity that created the resource.
    CreatedByType string
    The type of identity that created the resource.
    LastModifiedAt string
    The timestamp of resource last modification (UTC)
    LastModifiedBy string
    The identity that last modified the resource.
    LastModifiedByType string
    The type of identity that last modified the resource.
    CreatedAt string
    The timestamp of resource creation (UTC).
    CreatedBy string
    The identity that created the resource.
    CreatedByType string
    The type of identity that created the resource.
    LastModifiedAt string
    The timestamp of resource last modification (UTC)
    LastModifiedBy string
    The identity that last modified the resource.
    LastModifiedByType string
    The type of identity that last modified the resource.
    createdAt String
    The timestamp of resource creation (UTC).
    createdBy String
    The identity that created the resource.
    createdByType String
    The type of identity that created the resource.
    lastModifiedAt String
    The timestamp of resource last modification (UTC)
    lastModifiedBy String
    The identity that last modified the resource.
    lastModifiedByType String
    The type of identity that last modified the resource.
    createdAt string
    The timestamp of resource creation (UTC).
    createdBy string
    The identity that created the resource.
    createdByType string
    The type of identity that created the resource.
    lastModifiedAt string
    The timestamp of resource last modification (UTC)
    lastModifiedBy string
    The identity that last modified the resource.
    lastModifiedByType string
    The type of identity that last modified the resource.
    created_at str
    The timestamp of resource creation (UTC).
    created_by str
    The identity that created the resource.
    created_by_type str
    The type of identity that created the resource.
    last_modified_at str
    The timestamp of resource last modification (UTC)
    last_modified_by str
    The identity that last modified the resource.
    last_modified_by_type str
    The type of identity that last modified the resource.
    createdAt String
    The timestamp of resource creation (UTC).
    createdBy String
    The identity that created the resource.
    createdByType String
    The type of identity that created the resource.
    lastModifiedAt String
    The timestamp of resource last modification (UTC)
    lastModifiedBy String
    The identity that last modified the resource.
    lastModifiedByType String
    The type of identity that last modified the resource.

    Import

    An existing resource can be imported using its type token, name, and identifier, e.g.

    $ pulumi import azure-native:authorization:PolicyExemption DemoExpensiveVM /{scope}/providers/Microsoft.Authorization/policyExemptions/{policyExemptionName} 
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Azure Native pulumi/pulumi-azure-native
    License
    Apache-2.0
    azure-native logo
    This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
    Azure Native v2.47.1 published on Monday, Jun 24, 2024 by Pulumi